OnPoint by Keith Ng


Ich bin ein Cyberpunk

Welcome to your sudden but inevitable future of ubiquitous surveillance.

To an extent, I appreciate the arguments made by supporters of the GCSB Bill - it's not really a huge encroachment of mass surveillance powers, it is, mostly, just the formalisation of mass surveillance powers that have been encroaching for a decade. We are not fucked off because of the bill itself, really, but because we've finally been forced to pay attention to the barftastic overreach of state surveillance that's been happening around us.

At least, that's true for me. Thanks to the GCSB Bill, I finally got around to reading the Kim Dotcom affidavits. It's the best example we have of how "GCSB assistance" is actually rendered. The Police asked the GCSB for help in a one-page request (page 13 of this):

Once the GCSB's lawyer had a look at it, the Police provided a list of "selectors" to the GCSB (we now know from the PRISM documents that "selectors" is the term used to describe the search terms used to make PRISM requests):

The selectors were entered into █████, in an email classified as "SECRET//COMINT//REL TO NZL, AUS, CAN, GBR, USA". In other words, the selectors were entered into a secret communications intelligence system, and this secret system was considered related to Five Eyes:

The email from the GCSB then described "traffic volume from these selectors": i.e. This secret system was capturing live traffic.

This is consistent with everything that we know about PRISM. Key has refused to comment on this.

What does this mean? It means that GCSB assistance is NSA assistance. It means that government agencies can tap into these powers as part of bread-and-butter law enforcement. Through the Bradley Ambrose case, we've seen that the Police are willing to use the full extent of their powers for entirely bullshit cases. Combine the two, and it makes me very, very queasy.

I ended my post in May with "we need to start by getting really, really fucked off". What is step two? Fortunately, there is a 25-year-old answer to this question: Encrypt everything.

Over the next however long it's going to take me, I'm going to be doing short posts on how to secretfy your stuff. Today's post is on encrypting text using public-key encryption.

Public-key Encryption (the uber-short version)

This technique is based on a pair of matching keys - one public, one private. Anything encrypted with one can only be decrypted with the other. Why? MATHS, that's why. The public key is then made public (my key is here), and anyone can use that key to encrypt a messsage. Only you - with the private key that you keep secret - can decrypt that message.

It's actually not that hard. The simplest tool for dealing with PGP keys is gpg4usb. Go download it and have a play. Purely for testing purposes, here is the public AND private keys for "John PGPKey" (right click on the link --> "Save link as.." to save the file). Open up gpg4usb and use the menu bar: Keys --> Import Key from.. --> File.

Select the .asc file you just downloaded. You can now use John PGPKey's private and public keys.

(Just to reiterate, this is for testing purposes only - you should NEVER put your real private key on the internet.)

Here is a message that's been encrypted using John PGPKey's public key. Open it up and copy and paste the garbled text into gpg4usb (including the BEGIN PGP MESSAGE and END PGP MESSAGE lines). Click on the "Decrypt" button. It'll ask you for a passphrase, which is "spicy panopticon in a dunnenad sauce" (this is a more reliable guide to making secure passphrases than your IT department).

(And no, you should not be putting the passphrases for your real private key on the internet, either. NOTE: Apologies if this didn't work before, I posted the wrong version of the key I was faffing around with.)

Enter the passphrase and BAM - you've decrypted a message! (If you haven't, check that you've copied the whole message, and check that you typed in the password properly.)

Now, to encrypt a message, just type things into the text box, select the key you want to encrypt with, and click on the "Encrypt" button. Pretty goddamn easy.

To create your own key, open up Keys --> Manage Keys. From the Key Management window, open up Key --> Generate Key. Fill out the boxes and go. You can export the public key and put it somewhere public - but let's not actually do that yet, until we have a way of securing your private key.

In the next part, we'll talk about publishing keys, verifying keys, signing with keys.


Government Portfolios for Dummies

These are all the Briefings for Incoming Ministers I could get my hands on. They've been cleaned, sorted and fed to DocumentCloud, which scans and OCRs them automatically.

These documents are given to Ministers as introductory papers to their new portfolios. They cover the scope of their portfolio (i.e. What they should be doing), the assets they have under them (i.e. The Department/Ministry, its organisation and key people) and key issues in that particular portfolio.

They really are excellent primers on most aspects of government. You can, of course, use this cache to get some quick background about a particular portfolio, but also use the internal search functions to find specific areas of responsibility or specific issues.

Here you go, in case you missed the link up there. There are more advanced features in DocumentCloud, such as entity analysis and automatic generation of timelines. If you want to take a crack at it, let me know (message me below) and I'll hook you up with an account.


This is an experiment for two things:

1) Providing resources as a form of data journalism. Is this useful? Are you going to do anything with it? Drop me a line if you actually use this for something - I'd love to know.

2) Keeping better government data better than the government. Because why not. The Govt hasn't updated theirs since 2008, and heaps of the links are broken, PDFs are scanned and not searchable, etc. This took me most of the afternoon - it's not hard, and should be quite easy to add to and maintain (this was just the first grab - I'll fill in the gaps later).


Quickfisk: Youth Unemployment

Somehow I got entangled in a Twitter three-way between Hooton, Rob Hosking and #heyclint over youth unemployment figures today, and my 2 Degree 3G was crapping out on me again, so I was in the Twitter-equivalent of a vegetative state, watching them fight around me.

I haven't been following this, so I don't really know what HORRIBLE RIGHTWING LIES Hooton has been telling, but Rob brought out this graph which piqued my curiosity. 

The chart on the right really does seem to show that youth unemployment - although well above OECD average - is going down. Does it?

Spoiler: No.

In the spirit of quickfisking, I'll just get to the point. Here is the unemployment rate for youth (the blue line) vs adults (the red line). Note that the 25-54 age group is the "prime" working age used by OECD for its youth/adult ratio.


First off: It's pretty hard to see the good news in this. I don't blame National for the GFC, but it's impossible to look at this and suggest that National has made a dent in the problem. Unemployment is as bad as it's been since the GFC hit.

So how does this gel with a decreasing youth/adult unemployment ratio? It's just simple arithmetics. Since its lowest point in 2007, adult unemployment went from 2.6% to 5.3% - a 104% increase. Youth unemployment went from 10% in 2007 to 17.3% - a mere 73% increase. 

The upshot is that the youth/adult unemployment ratio is closing because adult unemployment has risen faster than youth unemployment, which hasn't fallen at all. It is nothing to gloat about.

Here is the data.


What Andrew Geddis Said, But Shorter and With More Swearing

During the Budget lock-up last week, an old hand from one of the law firms said that I should ask Bill English about all the legislation that was going to get rushed through immediately after the Budget. I gathered, from what he told me, that a lot of bills got passed in the wake of the Budget with very little scrutiny.

Well. This happened:

You're looking at the Regulatory Impact Statement (RIS) for the Public Health and Disability Amendment Bill. Basically, the courts said that the Government had to pay family members who looked after people with disabilities (because not doing so was discriminatory), so the Government passed this law to say: "Yeah nah."

The RIS isn't just redacted for the public - it was redacted for MPs. *Parliament* voted on this, with all the relevant facts blacked out.

Sure, it's understandable, right? If you're passing a law that's really fucking dodgy, you don't want advice from civil servants saying "uh, this is pretty illegal" to be public. That shit is super embarrassing in court. But actually, that's not really a problem here, because in the same piece of legislation, THEY SAID THEY CAN'T BE TAKEN TO COURT.

Andrew Geddis, over on Pundit, pulled out this shiny little turd (section 70E in the bill):

[When this law kicks in], no complaint based in whole or in part on a specified allegation [that the policy unlawfully discriminates] may be made to the Human Rights Commission, and no proceedings based in whole or in part on a specified allegation [that the policy unlawfully discriminates] may be commenced or continued in any court or tribunal.

That's to say, it doesn't really matter whether the law is discriminatory or not. Hell, it doesn't matter even if the RIS explicitly admits that it is, because they just changed the fucking law to say that you can't complain to *any court or tribunal* over it.

Geddis also pointed out that Attorney-General Chris Finlayson has said that, actually, no, this is not okay. From Finlayson's report to Parliament:

[Section 70E] appears to limit the right to judicial review because it would prevent a person from challenging the lawfulness of a decision on the basis that it was inconsistent with [the Freedom from Discrimination section] of the Bill of Rights Act... On balance, I have concluded that limitation cannot be justified under s5 of the Bill of Rights Act.

(s5 of the Bill of Rights Act says that the Bill of Rights "may be subject only to such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society")

Geddis suggested that you "might need a moment to let the implications of this sink in". In the interest of expediency, I'm going to start you off:


In the GCSB case, they did something illegal, then just changed the law to make it legal (which is already quite a large crazy basket of NOT OKAY). Here, they're doing something which was against the Human Rights Act before, and is still against the Human Rights Act after, but just made sure the people on the receiving end can't have their legal rights recognised or enforced.

It's saying, sure, the Government's doing something illegal to you, but it's okay, because we just made a law to say there's nothing you can do about itLolz!

Well, it's not okay. It's not okay that human rights promised by law are not honoured because it costs money. It's not okay that due processes promised by the Bill of Rights doesn't apply because the Government says it doesn't apply. It's not okay that advice about how Parliament is about to piss all over the rule of law (at least I assume that's what the legal advice says, because we can't see it) is denied to Parliament. It's not okay that saying "Budget, Budget, Budget" means that the Government can bypass all the checks and balances of Parliament itself and just put itself above the law overnight.


Here's where it gets awkward. Ours is a system of parliamentary sovereignty, with only an informal consitution. Parliament *can* change the Bill of Rights, and it *can* make the Government exempt from it. There's no upper house to stop them, no presidential veto*, no supreme court which can strike it down.

It's only "not okay" in the sense that we have a reasonable expectation that the Government respects the principle of the rule of law, constitutional conventions, and the laws which make up our constitution. Because DEMOCRACY.

When you say it out loud, it really makes our constitutional set-up sound stupid. And it kinda is. But it is, nonetheless, a system. And in this system, *we* are the check against Parliamentary power.

To exercise our constitutional responsibilities, we need to start by getting really, really fucked off.


* Bonus points: Actually, the Governor-General is the other check in the system. Is this a legitimate case for the GG to refuse to sign this into law? Are there conventions for when the GG should activate their Cause-Constitutional-Crisis powers?


Budget 2013: Bringing Down the House (Prices), but not really

Update: Tool is live!

"On track to surplus"

That's not really true. Revenue projections are down on the 2012 Budget, and the Government would be in deficit - except they cut the Operating Allowance for Budget 2014 by $200m.

I had a crack at Bill English about this during the lock-up; his argument was that money is money - I might as well be saying that of *anything* that saved the government more than $75m, and claim that the government only did that because it would bring them over the threshold.

The difference with changing the Operating Allowance is that they don't have to make any decisions yet - it's just a promise to find some money next year. They really will need to find this money next year, so in that sense, it's quite legitimate. But it makes this "on track to surplus" claim really hollow. It's akin to saying "if I spend less next week, I'll have unspent money". It's true - it just doesn't mean anything.


Resumption of contribution to the NZ Super Fund has been delayed, again. It's only a few years, but by Treasury's NZSF model, that matters a lot. By 2033, the NZSF would be $12b smaller (that translates to less money it's feeding back to the government), and about $4b less in tax revenue in the next 20 years.

Of course, that's offset by the decrease in debt and the cost of servicing that debt, and there're the old arguments about whether a dollar in the NZSF is as safe as a dollar less debt.

Student Loans

The Government is getting pretty aggressive about collecting debt from students overseas. Yeah, half the readers of Public Address - that's you, buddy.

  • "Fixed repayment obligations and higher repayment thresholds for overseas-based borrowers" (I think they mean lower thresholds though. I think.)
  • "[Extending] the child support border arrest system for the most non-compliant overseas-based borrowers"
  • "Ongoing information-sharing agreement between IRD and Internal Affairs to collect contact details from passport applications"

More details here.

It's a little horrifying in terms of its aggressiveness, but I also think it makes sense in a lot of ways. Aside from raising the amount of money which is collected, it'll also make it less attractive to try to flee your student loan debt, or to get into the situation where interest stacks up to the point where it becomes impossible for graduates to move back.

It's a big, hideous stick, but I guess good policy doesn't have to be all carrots.

Tertiary Education

  • "New funding" for engineering and science that are basically just inflation adjustments (2% increase), but not for other areas.
  • Signalling that Management, Commerce and Arts should GFYS: Other higher-cost subjects may see an increase in funding if necessary.
  • Private Training Establishments to receive same level of funding as public tertiary education institutions.

Bits and Bobs

  • $80m for new irrigation. Sounds like they're going to be building some dam.
  • New rules to make multinational corporations pay their "fair share" of taxes. But don't expect Google-windfall - it's is only expected to generate $20m over the next 3 years.
  • "Exploring options" or microfinance schemes (low-/no-interest loans) for beneficiaries. Would be great if they get this off the ground - will put predatory finance companies out of business.


The interactive visualisation of the Budget is here. If you loaded it up prior to 14:00, remember to refresh your browsers so you're loading up the right one.

For best performance, use Chrome to view it.


If you think this kind of blogging/data journalism is worthwhile, I'd really appreciate a few bucks on my Givealittle page. The money is nice, but more importantly, this is an experiment to see if reader-funded independent journalism can work in a small market like NZ.